Powering regulatory compliance

Executive brief
PLM Software
According to a recently released
report from analysts at AMR
Research, U.S. companies plan to
spend $15.5 billion in 2005, and
$80 billion between 2005 and
2009¹ to ensure that they
comply with an extensive range
of regulatory requirements, both
domestically and abroad. The
lion’s share of that sum will be
spent on technology to support
compliance issues and on people
to use it.
Respondents to the AMR Research survey reported that their technology dollars will go into internal and external security, document/records management, reporting/risk management, business process management, collaboration/training/e-learning, enterprise applications, compliance management software and performance management – in that order.² AMR Research further reports, “technology is a necessary component for addressing compliance. In fact, it grew by 50 percent between 2004 and 2005 estimates.”³
Figure: Most strategic technology evaluation in 2005 to support compliance issues
• Security (internal/external): 27%
• Document/records mgmt.: 21%
• Reporting/risk mgmt.: 13%
• Business/process mgmt.: 12%
• Collaboration/training/e-learning: 8%
• Enterprise apps: 8%
• Compliance mgmt. software: 6%
• Performance mgmt.: 6%
Based on total respondents, n=221. Source: AMR Research, 2005
It’s a great deal of money – but lack of attention to compliance opens companies to the risks of very large fines and missed contractual or customer commitments, not to mention public outrage that can endanger current and future markets. The whole company will be impacted by hefty fines or product failures.
Companies can strengthen
their compliance initiatives by
including product lifecycle
management (PLM) as they
develop an overall “compliance
framework.” Inclusion of PLM
enables companies to meet these
demands in order to:
• Achieve regulatory compliance
as part of a product lifecycle
strategy
• Reduce the risk of noncompliance and improve
efficiencies and cost of
reporting
• Eliminate outdated information
thereby saving storage space
and cost
• Reduce business risks through
managed compliance processes
• Ensure consistent creation,
management and change control
of regulatory documents
• Ensure that regulated product
capabilities are tracked and
managed as product goes
to market
Regulatory compliance has
become a top-level executive
initiative for many of today’s
leading corporations across a
wide range of industries.
Most companies plan to address
compliance issues across their
entire company, and for
international corporations, it
requires a global strategy.
[Figure. Layers labelled: Control environment; Application controls; IT general controls. Elements shown: executive management; business processes (finance, manufacturing, logistics, etc.); document and record management, configuration management, change management, workflow, subscription and notification services, security and access control, system audit management, reporting.]
Over two-thirds of companies said that they plan to add to or improve their current compliance management systems, and companies that continue to address mandates imposed by their customers – noteworthy in the manufacturing sector – anticipate more aggressive growth intentions. “Interestingly, business executives have more aggressive designs to increase spending on compliance than their IT equivalents, 8.6 percent versus 3.8 percent positive growth,” the report says.⁴
Many compliance initiatives focus on auditing and traceability but fall short of including product lifecycle management (PLM) as an essential part of their compliance strategy. Compliance starts early in the innovation process as teams define both product and process capabilities. PLM ensures that repeatable processes with phased-gated sign-offs are in place to enable traceability that can be checked throughout the innovation through manufacturing process. PLM also plays a significant role in the identification of product capabilities which are predetermined by regulatory governance. Identified product capabilities can be traced and managed throughout the innovation process, thereby ensuring that when a product comes to market it meets the regulatory requirements.
Some regulations are specific to particular industries. Some are specific to individual countries. Some are common to U.S. companies – whether they operate solely domestically or internationally. Based on their industry, companies are required to prove compliance with different regulations at different stages in a product’s lifecycle. Businesses in the aerospace and defense industry are pressed by International Traffic in Arms Regulations (ITAR) weapons security requirements. Manufacturers may have to comply with extended producer responsibility (EPR) legislation and its environmental protection subsets – Restriction on the use of certain Hazardous Substances (RoHS) in the EU and China; Waste of Electric, Electronic Equipment (WEEE); and End of Life Vehicle Directive (ELV), or Process Visibility and Integrity Medical Compliance requirements.
As different as the individual
regulations may be, they all have
some compliance issues in
common – and these demand
the establishment of automated
systems and processes to handle
the documentation necessary for
compliance. The first step consists
of understanding that compliance
is a manageable process.
Companies clearly need to invest
in a compliance framework to
meet these demands.
“Managing information to support
compliance is an enormous
challenge for business and IT
professionals. Organizations of all
sizes need an action plan for
achieving compliance and
mitigating risk in today’s new
world,” states the May 2004
AMR Research report “The
Product Lifecycle Management
Report, 2003-2008.”⁵
[Figure. Layers labelled: Control environment; Application controls; IT general controls. Elements shown: enterprise awareness and ownership; process visibility and integrity; management of information, access and retrieval. Regulations listed: fiscal and financial compliance (e.g. SOX); ELV (end of life vehicle); RoHS, WEEE; 21 CFR Part 820, 11; ITAR; RMA.]
Common to all regulatory
compliance is management of
information access, retrieval and
retention; process visibility and
integrity; and enterprise
awareness and ownership of
both the regulations and the
process of complying with them.
Compliance-related information
consists of a mix of engineering
models and drawings, contracts,
procurement documents, emails,
specifications – just to name a
few – kept together with
retention times and disposition
schedules. The vast number of
documents and computer files
have to be managed throughout
the product lifecycle – from
concept to manufacturing
planning, to sourcing, to physical
manufacturing, maintenance and
end-of-life disposition.
It makes sense to employ
product lifecycle management
(PLM) software, probably already
in use or under consideration, to
manage the product-related
information across internal
disciplines and departments and
to manage compliance with
regulations that govern different
stages of the product lifecycle.
The tools required for both kinds
of management processes exist
in well-designed PLM systems.
Many people need access to the
documents and records that
provide evidence of compliance,
so that they can all work together
to support it. This holds true for
design engineers, manufacturing
engineers, sourcing and
procurement personnel, as well
as top executives. Only in that
way can the corporation be sure
of individual employee accountability for compliance throughout
the product lifecycle. Tools such
as automated workflow and
process management can make
it much easier to provide
systematized access for
everyone in his or her role
within the system.
The same tools ensure process
visibility and integrity, by providing
secure access to authorized,
authenticated users. And the
best tools work within standard
best practice rules and definition
of roles, again throughout the
product lifecycle.
Manufacturing companies have
no real choice. They have to
achieve regulatory compliance.
The AMR Research report says,
“companies that see the big
compliance picture will put these
mandates to work for them –
compliance as the catalyst to
improve, even rethink parts of
their business.”⁶ With regulatory
and customer mandates in mind,
forward-thinking companies can
think of compliance as a positive
business driver.
A possible down-side, however, is that meeting regulatory demands can have a serious negative impact on cost and time-to-market. This need not happen. Software solutions now available can ease the process once companies understand that compliance is indeed a process and not just an onerous one-time project.
[Figure. Labels: Legal and regulatory costs; Profit margins.]
Responsibility for ensuring regulatory compliance is part of the job descriptions of chief financial and operating officers – and certainly CFOs and COOs will be held responsible by the company. The chief information officer (CIO) is normally responsible for finding and deploying technology to support compliance efforts. From there, the accountability hands off to the various departments involved in product development.
Regulatory requirements need to be treated the same as any other product requirement – as essential criteria that must be met for products and companies to succeed. Failure to meet these criteria can mean the loss of contracts, the loss of customers and ultimately, the loss of jobs.
Another way to look at compliance is as a framework for accountability throughout the whole product lifecycle – from early product development, to maintenance, to obsolescence and even to end-of-life processes that have to be documented.
A spokesman for a global
electronics manufacturing
company recently pointed out
that the management of
information for regulatory
compliance is similar to that for
managing quality in a program
based on Six Sigma. The latter
requires adherence to a strict
set of processes and metrics,
which the company’s PLM system
has helped the organization
standardize. The same applies to
compliance with a variety of
financial and environmental
regulations. “We can store all
standard operating procedures in
the system, so that different
authorized people can pull down
anything necessary to ensure
regulatory compliance,” he said.
Similarly, an IT executive for a
manufacturer of medical products
recently reported that his
industry is faced with frequently
changing regulations from the
FDA – and that the company
depends on its PLM system to
pull information together to help
meet the need for regulatory
compliance documentation, and
to keep pace with changing
requirements.
Complying with RoHS and
WEEE regulations may require
review and redesign of existing
products to ensure compliance –
a good example of the importance
of retaining documents and
records, and managing access to
them, as well as continuing to
track changes through the
new/revised product lifecycle.
ELV speaks for itself in general
terms of lifecycle – but may also
apply to the end of component
life during maintenance, and
requires proper disposition of
hazardous materials in all cases,
along with the documentation to
prove compliance.
Obviously, the internal control
systems are very important. A
well organized and proactive
system needs to be based on a
closed-loop architecture that
supports risk transparency, IT and
business governance, corporate
reporting, statutory audit
guidelines and the custodianship
of business rules and processes.
All of these regulations require
similar adherence to process and
record integrity, and retention –
though each set of regulations
requires retention for different
lengths of time. The more
companies integrate lifecycle
steps into the corporate
compliance process, the easier it
becomes to manage compliance
and the less costly it is. And,
clearly, the management system
chosen needs to have the
flexibility to handle the specifics
for each industry, each set of
products and each set of
regulations. It also needs to have
the tools necessary to adapt to
changing business environments.
The bottom line on regulatory
compliance is ownership of the
process and the tools. Each
company has to comply: the risks
of non-compliance are simply
too high if it doesn’t. Every
corporation needs to meet hard
deadlines for compliance in an
environment of heightened
scrutiny. With those facts in mind,
it pays for organizations to
perform the process correctly,
using a stable, scalable PLM
architecture that leverages and
protects previous IT and
regulatory compliance
investments.
Footnotes:
1 AMR Research, “Spending in an
Age of Compliance,” by John
Hagerty and Fenella Scott, 2005,
Executive Summary, pages 1-2.
2 AMR Research, “Spending in an
Age of Compliance,” Figure 12,
page 26.
3 AMR Research, “Spending in an
Age of Compliance,” Figure 11
“Takeaway,” page 25.
4 AMR Research, “Spending in an
Age of Compliance,” Table 9,
“Takeaway,” page 22.
5 AMR Research, “The Product
Lifecycle Management Report,
2003-2008,” May 2004.
6 AMR Research, “Spending in an
Age of Compliance,” Executive
Summary, pages 1-2.
About Siemens PLM Software
Siemens PLM Software, a business unit of the Siemens Industry
Automation Division, is a leading global provider of product
lifecycle management (PLM) software and services with nearly
six million licensed seats and 56,000 customers worldwide.
Headquartered in Plano, Texas, Siemens PLM Software works
collaboratively with companies to deliver open solutions that
help them turn more ideas into successful products. For more
information on Siemens PLM Software products and services,
visit www.siemens.com/plm.
© 2009 Siemens Product Lifecycle Management
Software Inc. All rights reserved. Siemens and the
Siemens logo are registered trademarks of Siemens AG.
Teamcenter, NX, Solid Edge, Tecnomatix, Parasolid,
Femap, I-deas and Velocity Series are trademarks
or registered trademarks of Siemens Product Lifecycle
Management Software Inc. or its subsidiaries in
the United States and in other countries. All other
logos, trademarks, registered trademarks or service
marks used herein are the property of their
respective holders.
www.siemens.com/plm
8/09